InfoSecBulletin Cybersecurity for mankind
Elastic reported a security incident caused by a breach at Salesloft Drift, leading to unauthorized access to an internal email account with valid credentials. The company’s main Salesforce system was unaffected, but the incident revealed sensitive information in a few emails.
Salesloft Drift reported a security incident affecting its platform on August 26, 2025. A subsequent in-depth report from Google’s Threat Intelligence Group detailed the threat actor’s activities related to the breach.
Microsft warns of active directory and office vulnarabilty
(CVE-2025-10159)
Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points
1.6M fitness phone call recordings exposed online
Microsoft September Patch Tuesday 2025 fixes 81 flaws, two zero-days
Elastic Security Incident : Hackers Accessed Email Account Contains Valid Credentials
Hacker Exploit Amazon SES to Send 50K Phishing Emails
SafePay Ransomware
SafePay Ransomware Attacks 73 Orgs in a Single Month
Bangladesh Cyber Threat Landscape- 2024
602 Vuln exploited: Afftected daily 905 IP In Bangladesh in 2024
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack
ISC2 Aims to Bridge DFIR Skill Gap with New Certificate
Elastic activated its incident response protocols to proactively investigate any possible impact on customers using Drift for business applications. Elastic’s security team started an investigation to see if any company or customer data was exposed, even though they weren’t directly notified of being affected.
Scope Of The Impact:
Elastic’s investigation confirmed that its Salesforce environment was not compromised. However, the team discovered that a single email account had been exposed through the “Drift Email” integration. Unauthorized access might have allowed someone to only read emails in that inbox. Security personnel found a few emails in the inbox containing potentially valid credentials.
Elastic informed potentially affected customers via their support channels. The company said that customers who didn’t get a direct notification were not affected by the credential leak. After the Drift incident, Elastic’s Information Security team quickly acted to control the threat and evaluate the damage.
The team conducted a thorough investigation, analyzing access logs, network activity, and system settings to gauge the data exposure. The first crucial action was to disable all Drift integrations in Elastic’s environment to prevent further risk from the compromised third-party platform.
The team checked open-source intelligence for Indicators of Compromise (IOCs) and worked with Drift’s security team for more information. Elastic is committed to transparency and protecting customer data, and is actively monitoring for updates on the situation.
